Research and Information Security Kit for research projects.
RISK promotes a security-first research culture by providing tools, resources, and best practices for maintaining data integrity and privacy.
Join our initial public trial
As member of the INKE Partnership, RISK is supported in part by funding from the Social Sciences and Humanities Research Council.
- • A detailed overview you can execute
- • Policy language with enforceable controls
- • A clear risk narrative for stakeholders
Risk Capabilities
Risk is capable of the following, executing each effectively to support your team.
RISK pulls relevant knowledge-base context before answering—so guidance stays aligned to security and your internal standards, not generic web advice.
Draft policies like Clean Desk, data handling, access control, retention, incident handling, onboarding/offboarding then iterate fast.
Upload protocols, SOPs, vendor docs, policies, or reports. Get structured findings: gaps, contradictions, risk hotspots, and recommendations.
Compare versions and get what changed, why it matters, what control shifted, and what to do next—without spending hours diffing docs.
Generate documents you can keep, refine, and reuse. Request improvements that increase clarity, compliance, and operational usability.
Generate quizzes for training & awareness; and support listing + generating filled PDF forms when needed.
Research workflows
RISK is built for research realities: fast iteration, ambiguous requirements, and high consequence decisions.
Turn research complexity into a defendable control picture: data types, flows, access, storage, retention, auditability.
Identify missing controls (clean desk, removable media, encryption, logging, access reviews) and produce policy-ready language.
Map assets, trust boundaries, attack surfaces, and pragmatic mitigations—then document decisions and residual risk.
Highlight evidence gaps, contradictions, and questions to ask—especially where marketing claims outpace controls.
SOPs, protocols, policies, vendor docs. Then ask for a gap analysis, control mapping, or rewrite.
Get meaningful changes + security impact—scope, exceptions, enforcement, and residual risk.
Produce enforceable language and operational checklists teams can actually follow.
How it works
A tight loop designed around your security: retrieving policies, create/update documents, generate security forms.
Ask a question; RISK retrieves relevant policies context and answers according to the context of your team.
Generate dedicated content, update it on request, and request improvement suggestions.
Specify a policy and describe the changes; RISK updates the policy content.
Provide intended security training like quizes from a topic to reinforce security awareness.
Make research security decisions with speed—and receipts.
Grounded analysis, policy-ready writing, and structured outputs designed to survive audits and real-world operations.
FAQ
What RISK does, and in practice.
▸What is RISK?
RISK is a cybersecurity + research-security expert designed to produce usable outputs (policies, reviews, checklists, guidance) with workflows.
▸Does RISK create research security policies?
Yes. Drafting and iterating on policy/SOP content is a core workflow: create documents, update them, and improve them with structured suggestions.
▸How does RISK stay aligned with our internal standards?
RISK can retrieve relevant internal content from your knowledge that you share and use it to ground answers before responding.
▸What can RISK do with uploaded documents?
You can upload policies/SOPs/protocols/reports and request summaries, comparisons, security flaw analysis, missing controls, and remediation recommendations.